Lucene search
K
NvdMost viewed

364165 matches found

NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download...

7.5CVSS0.31863EPSS
Exploits4References3
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2020-18326

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

8.8CVSS0.02226EPSS
Exploits2References1
NVD
NVD
•added 2022/03/02 8:15 p.m.•45 views

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

9.8CVSS0.01446EPSS
Exploits0References2
NVD
NVD
•added 2022/02/24 3:15 p.m.•45 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS0.0322EPSS
Exploits1References1
NVD
NVD
•added 2022/02/11 6:15 p.m.•45 views

CVE-2021-31932

Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...

9.8CVSS0.21639EPSS
Exploits3References1
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
•added 2022/02/03 12:15 p.m.•45 views

CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS0.00845EPSS
Exploits1References4
NVD
NVD
•added 2022/01/26 11:15 a.m.•45 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1CVSS0.02033EPSS
Exploits0References1
NVD
NVD
•added 2022/01/13 10:15 p.m.•45 views

CVE-2021-34997

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS0.04248EPSS
Exploits0References1
NVD
NVD
•added 2022/01/10 9:15 p.m.•45 views

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...

5.3CVSS0.02152EPSS
Exploits1References2
NVD
NVD
•added 2022/01/06 9:15 a.m.•45 views

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...

6.1CVSS0.02327EPSS
Exploits0References1
NVD
NVD
•added 2022/01/04 8:15 p.m.•45 views

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...

10CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/01/03 10:15 p.m.•45 views

CVE-2021-37098

Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash...

7.5CVSS0.00655EPSS
Exploits0References1
NVD
NVD
•added 2021/12/23 9:15 a.m.•45 views

CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...

9.8CVSS0.05087EPSS
Exploits0References2
NVD
NVD
•added 2021/12/15 7:15 p.m.•45 views

CVE-2021-0971

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.5CVSS0.00649EPSS
Exploits0References1
NVD
NVD
•added 2021/11/29 8:15 a.m.•45 views

CVE-2021-38147

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS0.53008EPSS
Exploits3References2
NVD
NVD
•added 2021/11/24 7:15 p.m.•45 views

CVE-2021-43778

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the front/send.php file...

9.1CVSS0.52658EPSS
Exploits2References5
NVD
NVD
•added 2021/11/22 9:15 a.m.•45 views

CVE-2021-43582

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...

7.8CVSS0.01339EPSS
Exploits0References2
NVD
NVD
•added 2021/11/12 11:15 a.m.•45 views

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.88476EPSS
Exploits0References2
NVD
NVD
•added 2021/11/10 1:19 a.m.•45 views

CVE-2021-42300

Azure Sphere Tampering Vulnerability...

6.7CVSS0.00547EPSS
Exploits0References1
NVD
NVD
•added 2021/10/04 12:15 p.m.•45 views

CVE-2021-41878

A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

6.1CVSS0.09912EPSS
Exploits4References3
NVD
NVD
•added 2021/10/04 10:15 a.m.•45 views

CVE-2021-22557

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS0.0158EPSS
Exploits4References2
NVD
NVD
•added 2021/09/28 8:15 p.m.•45 views

CVE-2021-21570

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information...

6.8CVSS0.00778EPSS
Exploits0References1
NVD
NVD
•added 2021/09/22 3:15 p.m.•45 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS0.48417EPSS
Exploits4References4
NVD
NVD
•added 2021/09/14 11:15 p.m.•45 views

CVE-2021-23029

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...

8.8CVSS0.00875EPSS
Exploits0References1
NVD
NVD
•added 2021/09/14 12:15 p.m.•45 views

CVE-2021-33685

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data...

6.5CVSS0.01029EPSS
Exploits0References2
NVD
NVD
•added 2021/09/14 11:15 a.m.•45 views

CVE-2021-27391

A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...

10CVSS0.03369EPSS
Exploits0References1
NVD
NVD
•added 2021/09/01 8:15 p.m.•45 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1CVSS0.00594EPSS
Exploits0References2
NVD
NVD
•added 2021/08/29 8:15 p.m.•45 views

CVE-2021-40172

Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...

8.8CVSS0.00994EPSS
Exploits0References1
NVD
NVD
•added 2021/08/17 10:15 p.m.•45 views

CVE-2021-28372

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...

8.3CVSS0.02575EPSS
Exploits1References3
NVD
NVD
•added 2021/08/08 6:15 a.m.•45 views

CVE-2020-36469

An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally...

5.9CVSS0.00978EPSS
Exploits1References2
NVD
NVD
•added 2021/08/03 12:15 p.m.•45 views

CVE-2021-35265

A reflected cross-site scripting XSS vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

6.1CVSS0.03436EPSS
Exploits1References2
NVD
NVD
•added 2021/07/16 11:15 a.m.•45 views

CVE-2021-21819

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS0.02886EPSS
Exploits2References1
NVD
NVD
•added 2021/07/13 11:15 a.m.•45 views

CVE-2021-34315

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an...

7.8CVSS0.01574EPSS
Exploits0References2
NVD
NVD
•added 2021/06/21 7:15 p.m.•45 views

CVE-2020-19511

Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1 className and !2 Description fields in index.php/Admin/Classes,...

6.1CVSS0.00819EPSS
Exploits1References2
NVD
NVD
•added 2021/06/17 1:15 p.m.•45 views

CVE-2021-32940

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...

7.1CVSS0.0205EPSS
Exploits0References4
NVD
NVD
•added 2021/06/12 4:15 a.m.•45 views

CVE-2021-32554

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
•added 2021/06/08 5:15 p.m.•45 views

CVE-2021-32673

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

9.8CVSS0.01941EPSS
Exploits0References4
NVD
NVD
•added 2021/05/21 11:15 p.m.•45 views

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

10CVSS0.08798EPSS
Exploits2References2
NVD
NVD
•added 2021/05/19 10:15 p.m.•45 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

7.5CVSS0.09572EPSS
Exploits1References3
NVD
NVD
•added 2021/05/14 8:15 p.m.•45 views

CVE-2021-29557

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•45 views

CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

7.8CVSS0.00232EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 12:15 p.m.•45 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS0.4214EPSS
Exploits3References3
NVD
NVD
•added 2021/05/10 1:15 p.m.•45 views

CVE-2021-22672

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code...

7.8CVSS0.09728EPSS
Exploits0References2
NVD
NVD
•added 2021/04/29 9:15 p.m.•45 views

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

8.8CVSS0.0124EPSS
Exploits0References4
NVD
NVD
•added 2021/04/29 5:15 p.m.•45 views

CVE-2021-31429

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

8.2CVSS0.00442EPSS
Exploits0References2
NVD
NVD
•added 2021/04/29 5:15 p.m.•45 views

CVE-2021-31418

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6.5CVSS0.0043EPSS
Exploits0References2
NVD
NVD
•added 2021/04/27 8:15 p.m.•45 views

CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to 17.12.07 version...

10CVSS0.81079EPSS
Exploits2References10
NVD
NVD
•added 2021/04/14 2:15 p.m.•45 views

CVE-2021-31152

Multilaser Router AC1200 V02.03.01.45pt contains a cross-site request forgery CSRF vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers...

8.8CVSS0.03753EPSS
Exploits5References3
Total number of security vulnerabilities5000